Encryption and the Apple iPhone case

With all the recent news regarding the terrorist event in California, and the cell phone with encrypted data, there has been a hue and cry for the phone makers (and by extension, software makers) to write software that allows law enforcement to have a backdoor mechanism to access this encrypted data. While this is laudable in theory, the Pandora’s box that this opens is huge. There are multiple legitimate concerns regarding who would have access to such software. Lawmakers indicate that they would only use this access when granted legal authority by the courts.

However, recall Edward Snowden and his exposure of the NSA use of monitoring data, and possible questionable uses of this data. And, note the relative ease of hackers to access even non-encrypted data (or data encrypted without good passwords) from government agencies, thus exposing millions of people’s vital data.

In the case of the Apple phone used by the terrorist, the phone has an unlocking code of “X” characters. If this is four, then that makes 9,999 possible combinations of codes to try and unlock it. But, the software is designed that after about 10 wrong attempts to unlock it, the phone data will self-destruct. From reading the court requests, the court is requiring apple to write new software that will allow unlimited attempts by law enforcement, to unlock this phone, without having the data self-destruct.

I believe law enforcement needs access to this data. I believe that some way is needed to keep terroristic and illegal activity from being hidden from legitimate law enforcement. However, once such software is written (and some may have already been written and used by both law enforcement, and Apple, and other computer/phone makers, in other legal cases), then it exists, and everyone’s phone that is encrypted is exposed to either illegal, or legal, snooping. Such code makes it such that even if your phone is encrypted, determined thieves (or even law enforcement) could have at their hands the technology to access this.

It would be great if this technology were just available to law enforcement. But take a look at recent history, with both government access of such data, and also the illegal access of computers by hackers. Let’s assume you believe that all law enforcement access would be court-granted. That software still can be in the hands of hackers and identity-theft rings. There has been hacking of government computers with millions of persons’ data exposed. And see the latest example of theft of data from the Hollywood hospital where the actual data was held hostage, encrypted, until a ransom was paid. In that case, patient records were not available for several days.

I have used data protection and encryption for many years. I use it especially on my computer notebook. I especially used it when I was practicing medicine. If I carried that computer with me, it was encrypted, which makes the computer essentially just a bundle of metal to thieves who would steal it. Anyone who is carrying any sensitive data on a portable device should have such devices encrypted. News in the past several years has revealed numerous notebooks stolen from federal employees and from insurance companies, which were not encrypted, which again exposed millions of individuals to data theft.

Encryption is there as a protection. I do believe that it is not an umbrella that should allow illegal activities to be covered up. But the tools that would allow access to this encrypted data don’t care whether your data is legitimate or illegal, and these tools in the wrong hands would weaken or destroy the protection that legitimate data has.

I hope this sparks awareness and discussion on using this technology. There have been too many quick answers and flames on the social media pages without fully understanding what is available, and what it means to have easier access to this data. This article (and I) don’t have the answer to that.